It felt like I had stepped out of a time machine and it was 2019. I was walking about a mile between meetings on different sides of the Mandalay Bay hotel. Though seeing some folks with face masks reminded me that it was, in fact, 2022. But I was in Las Vegas, and the badge around my neck indicated I was there for the Black Hat U.S. 2022 show.
It’s been a long time since I’ve been to a large security conference. Or any conference at all, for that matter. I couldn’t attend the RSA Conference back in June, so it had been 30 months since I’ve seen the security community in person. As I fly over Arkansas on my way back to Atlanta, here are a few thoughts about the show.
1. Security conferences are back: Well, kind of. There were a lot of people at Black Hat. Lots of vendor personnel on the show floor and lots of practitioners at the sessions. Sometimes the practitioners even made it to the show floor, given that most of the companies said they had a steady stream of booth traffic. It was nice to see people out and about, and I got to connect with so many good friends and got lots of hugs. It was good for my soul.
2. There was no theme: I went in expecting to see a lot of zero-trust and XDR and DevSecOps. I saw some of the buzzword bingo, but it was muted. That doesn’t mean I understood what most of the companies did, based on their booth. I didn’t. Most had some combination of detection, cloud and response as well as a variety of Gartner-approved category acronyms. I guess the events marketing teams are a bit rusty.
3. Booth size doesn’t correlate to company size: Some very large public companies had small booths. Some startups that I’d never heard of had large booths. Does that mean anything? It means some companies burned a lot of their VC money in Vegas this week, and public company shareholders didn’t.
4. Magicians still fill the booth, and you can get very caffeinated: Whenever I saw a crowd around a booth, there was typically some kind of performer doing some kind of show. Not sure how having some guy do magic tricks helped create demand for a security product, but it did fill the booths. So, I guess event marketing folks get paid by the badge scan, as well. Moreover, every other booth had an espresso machine. So if you needed a shot of energy after a long night at the tables or in a club, Black Hat was there for you.
I asked practitioners about budgets and vendors about sales cycles. Some projects are being scrutinized, but the “must-haves” like CSPM, CNAPP, and increasingly, API security are still growing fast. Managed detection and response remains very hot as organizations realize they don’t have the resources to staff their SOC. Same as it ever was.
Overall, the security business seems very healthy, and I couldn’t be happier to be back at Black Hat.